DOJ Recovered Over $3 Billion from False Claims Act Cases in FY 2019The Department of Justice (DOJ) recently announced that it obtained more than $3 billion in False Claims Act (FCA) settlements and judgments in the fiscal year ending Sept. 30, 2019.

Notably, DOJ reports that “matters that involved the health care industry” comprised the largest portion of these FCA recoveries in FY 2019, but that “procurement fraud” recoveries comprised the second largest category of recoveries for DOJ this past year.

Among the more notable “procurement fraud” recoveries that DOJ reports are:

  • Five South Korea-based companies agreed to resolve allegations that they engaged in anticompetitive conduct targeting contracts to supply fuel to the U.S. military in South Korea and made false statements to the government in connection with their agreement not to compete. The U.S. Department of Defense (DOD) paid substantially more for fuel supply services in South Korea than it would have absent collusion on the fuel supply contracts. In total, DOJ reports that the five companies paid over $162 million as part of the FCA settlements.
  • DOJ entered into a $34.6 million settlement with an aluminum extrusion manufacturer to resolve the company’s civil liability for causing a government contractor to invoice NASA and the DOD for aluminum extrusions that did not comply with contract specifications. DOJ reports that government contractors purchased aluminum extrusions from the company for use on rockets for NASA and missiles provided to DOD. DOJ reports that the company provided those contractors with falsified certifications after altering the results of tensile tests designed to ensure the consistency and reliability of aluminum extrusions. Several of the rockets used by NASA crashed, resulting in the loss of the NASA payloads that they carried. The company also resolved related criminal claims arising from the same conduct.
  • DOJ recovered over $27 million from a federal defense contractor in a settlement of FCA allegations related to two battlefield communications contracts with the U.S. Air Force. The settlement resolved allegations that the company billed the Air Force for labor hours purportedly incurred by individuals stationed in the Middle East who had not actually worked the hours claimed.
  • In separate settlement agreements with DOJ, one airline company paid $22 million and another airline company paid $5.8 million to resolve allegations that they falsely reported the times they transferred possession of United States mail to foreign postal administrations or other intended recipients under contracts with the U.S. Postal Service (USPS). USPS contracted with the airlines to take possession of receptacles of United States mail at six locations in the U.S. or at various DOD and State Department locations abroad, and then timely deliver that mail to numerous international and domestic destinations.
  • A software development company paid $21.57 million to resolve allegations that it caused the government to be overcharged by providing misleading information about its commercial sales practices that was used in General Services Administration (GSA) contract negotiations. The company allegedly provided false information concerning its commercial discounting practices for its products and services to resellers, who then used that false information in negotiations with GSA for government-wide contracts. DOJ reports that the false disclosures “caused GSA to agree to less favorable pricing, and, ultimately, government purchasers to be overcharged.”

In light of the DOJ’s recent FCA report, as well as DOJ’s recent formation of a Procurement Collusion Strike Force, procurement fraud undoubtedly will be an even bigger focus for DOJ in 2020.

If you have any questions about how your company can potentially prevent or resolve procurement fraud-related matters, please do not hesitate to contact Aron Beezley.

DFARS / CMMC for 2020: Culmination of Efforts to Protect National Security Data and Networks 2020 Cybersecurity Requirements for Government Contractors

In 2016, the U.S. Department of Defense (DoD) issued a Defense Federal Acquisition Regulation Supplement (DFARs) intended to better protect defense data and networks. Beginning in 2017, DoD began issuing a series of memoranda to further enhance protection of defense data and networks via Cybersecurity Maturity Model Certification (CMMC).

In December 2019, the Department of State, Directorate of Defense Trade Controls (DDTC) issued long-awaited guidance in part governing the minimum encryption requirements for storage, transport and/or transmission of controlled but unclassified information (CUI) and technical defense information (TDI) otherwise restricted by ITAR.

The foregoing multi-year effort to protect defense data and national security networks are culminating in 2020  ̶  and government contractors must be prepared to comply or face potentially draconian consequences ranging from disqualification to enforcement.

DFARs initiated the government’s efforts to protect national security data and networks by implementing specific NIST cyber requirements for all DoD contractors with access to CUI, TDI or a DoD network. DFARs was self-compliant in nature.

CMMC provided a broad framework to enhance cybersecurity protection for the Defense Industrial Base (DIB). CMMC created a verification program to ensure that NIST complaint cybersecurity protections are in place to protect CUI and TDI that resides on DoD and DoD contractors’ networks. Unlike DFARs, CMMC requires certification of compliance by an independent cybersecurity expert.

Operational application of CMMC — and associated DFARs NIST requirements — will occur in 2020. Independent cybersecurity assessments and the inclusion of CMMC requirements in DoD solicitations will begin in Q2 2020, and it is expected that such will be included in all DoD solicitations by Q3 2020.

In summary, the CMMC will require government contractors and subcontractors, including small businesses, to:

  • Establish the applicable level of CMMC controls to reduce cyber risks
  • Verify compliance with the applicable CMMC level of protection, including DFARs/NIST
  • Conduct periodic cyber audits and risk assessments by independent certifying organizations
  • Agree to permit U.S. government agencies, such as the Defense Contract Management Agency (DCMA) and Defense Counterintelligence and Security Agency (DCSA), to conduct “higher level assessments”

All DoD contractors and subcontractors will be required to be certified at CMMC Level 1 to qualify for any contract award. Depending on the required access to, or generation of, CUI and TDI, a contractor will have to be certified at one of the ascending five levels of CMMC certification. Notably, each level is cumulative of each lower level of certification.

The final CMMC framework is scheduled to be released sometime later this month, January 2020, with regulations expected to follow later in the year. Once implemented, contractors will be required to represent their compliance with the CMMC level dictated in the DoD solicitation. Failure to do so will be a basis for disqualification, with misrepresentation of such subject to possible Federal False Claims Act enforcement.

Ultimately, anyone doing business with the DoD, whether as a prime or subcontractor, should be prepared to fully comply with DFARs and CMMC in 2020.

Advance preparation, including engagement of needed third-party resources, should be undertaken in the very near term – together with periodic review of relevant updates as they become available.

Additional information can be found on the CMMC website. Interested parties can also set up alerts to receive updates as they are posted to the .mil website.

 

This blog post was originally published and distributed on the Bradley website as a Cybersecurity and Privacy Alert on January 8, 2020.

Number 3: Not Identifying Key Issues in AdvanceThis post is a continuation of the 10 most horrible, terrible, no good, “bang your head against the door” mistakes that I have seen lawyers make before, during and after mediations in which I was the mediator. As stated in previous posts, it takes more than throwing together a mediation statement at the last second and showing up at the mediation. Doing it right requires the same kind of due diligence and work that goes into preparing for a key deposition or even trial. Great “mediation” lawyering is essential and is the best way to get to an acceptable deal.

Number 3: Not Identifying Key Issues in Advance

A long day of mediation can be scuttled with last minute issues which should have been identified early in the day.  If money will change hands, when and how? What about that non-disparagement or confidentiality clause? Many times, parties have agonized over the amounts to be paid, only to have the paying party say, “By the way, I don’t have that money now. I have to pay it over time.” The other side then explodes and cries “bad faith.” Emotions then get into the way of a deal that appeared to be done.  To increase the likelihood of a successful mediation, payment timing issues, tax returns, financial statements, collateral, covenants not to execute, and the like, simply cannot magically appear at 7 pm after a long day of mediation.  How important is a non-disparagement clause or a limitation on social media (or withdrawal of a social media post)?  What about indemnification? Exactly what claims are going to be released? Who will be released (which can be a real issue especially in commercial disputes like construction cases)?  Allowing such seminal issues to fester until late in the mediation can be a real deal breaker, and it also really upsets the mediator who has worked hard to get the parties to agree to the basic deal terms.  A good mediator and counsel will have thought through these issues well before the day of mediation or brought those issues to the forefront early in the day.

Read numbers 4, 56789 and 10 on the list.